Latest news with #PurpleKnight


Techday NZ
11-07-2025
- Business
- Techday NZ
Hybrid identity security scores decline as vulnerabilities rise
Organisations are finding it increasingly difficult to identify and manage security vulnerabilities in hybrid identity environments, according to the latest 2025 Purple Knight Report from Semperis.

Declining security scores

The report, based on an online survey using the free Purple Knight security assessment tool, reveals an average initial security score of 61 out of 100 across participating organisations. This marks an 11-point decrease from the previous year's average of 72, highlighting a worsening situation in securing hybrid identity platforms such as Active Directory, Entra ID, and Okta.

Developed by Semperis, Purple Knight enables organisations to discover indicators of exposure (IoEs) and indicators of compromise (IoCs) in their hybrid directory environments, offering both a benchmarking mechanism and ongoing tracking support.

Variations by company size

The survey documented notable differences in security posture between organisations of varying sizes. The highest scores were observed among large organisations with over 10,000 employees, achieving an average of 73. Small companies with up to 500 employees reported an average score of 68. In contrast, mid-sized organisations (2,001 to 5,000 employees) registered the lowest average score of just 52, reflecting particular difficulties faced by this segment.

"The largest organisations have more resources, and the smallest organisations often have less-complicated environments to secure," said Sean Deuby, Semperis Principal Technologist, Americas.

Addressing the challenges encountered by mid-sized organisations, Deuby added, "The midsized companies are where the IT pros have to do everything. You don't have full-time AD specialists."

Sector-specific findings

Security gaps were also distributed unevenly across industries. The government sector recorded the lowest average score at 46, followed by the retail industry at 51, and the transportation and education sectors at 57. Despite healthcare achieving the highest industry score of 66, this result still indicates significant room for improvement.

Vulnerability categories

When examining categories of vulnerabilities, organisations scored lowest in the AD Infrastructure category, followed by Account Security, Kerberos, Group Policy, Entra ID, and Okta. This illustrates a broad range of challenges faced when managing hybrid identity systems.

"Hybrid identity environments are complex, and threat actors know it. Overall, organisations can't protect what they can't see. The lower average scores in the 2025 Purple Knight Report indicate how crucial it is for companies to proactively assess vulnerabilities across their hybrid identity systems so they can close security gaps before attackers exploit them," said Deuby. "Purple Knight gives organisations of all sizes the ability to identify vulnerabilities and remediate them before risks become damaging losses because of a compromise."

Remediation impact

According to the report, organisations that utilised Purple Knight's security recommendations achieved an average improvement of 21 points on their security assessment scores, with some reporting gains as high as 61 points. This demonstrates the measurable benefit of following expert mitigation guidance.

Bob G., infrastructure team lead at a global shipping company, explained, "My company has launched a multi-year project to reorganise the environment, which currently consists of about 30 AD forests. Using Purple Knight to scan those environments helps us understand what might break in our permissions structure or what open security vulnerabilities we need to fix."

Jose G., global administrator at an IT services company, described the tool's real-world impact: "We suffered an attack that compromised some of our systems, and we thought we were pretty secure in terms of Active Directory. We learned a lot from that event. Out of curiosity, I ran Purple Knight on the environment, and I found a new world of stuff to fix."

Eric M., senior identity engineer at a global printing company, reflected on his experience, "I do a pretty good job. And we haven't been breached. But then you see the D-minus on your report card and it's like, wow. There are some things we could do better."

Usage and recommendations

Purple Knight is officially recommended by organisations including the Five Eyes alliance and the Australian Cyber Security Centre. More than 45,000 organisations have used the tool to date to assess and bolster their hybrid Active Directory security.


Techday NZ
10-07-2025
- Business
- Techday NZ
Mid-size firms, government trail in hybrid identity security
The latest Purple Knight Report from Semperis indicates ongoing and worsening security vulnerabilities across hybrid identity systems, including Active Directory, Entra ID, and Okta.

According to the 2025 report, the average identity security score for organisations globally now stands at 61 out of 100, reflecting a 15% drop compared to 2023 figures, which showed an average score of 72. The assessment is based on data from over 45,000 organisations that have downloaded and used the Purple Knight Active Directory security assessment tool.

Mid-size organisations, defined as having between 2,001 and 5,000 employees, reported the lowest average security score, at just 52. The government sector performed worst among industry verticals, scoring an average of 46, with retail following at 51 and transportation and education at 57. The healthcare sector achieved the highest industry average, though still at a modest 66 out of 100.

Larger organisations with more than 10,000 employees scored highest, averaging 73, while the smallest companies, with up to 500 employees, followed closely with an average of 68. The findings attribute these higher scores to the greater resources of large organisations and the simpler environments of smaller ones.

"The largest organisations have more resources, and the smallest organisations often have less-complicated environments to secure," said Sean Deuby, Semperis Principal Technologist, Americas.

Deuby highlighted the particular challenges faced by companies in the mid-size range. "The midsized companies are where the IT pros have to do everything. You don't have full-time AD specialists," he said.

Vulnerabilities by category

The Purple Knight Report reviews six categories of security vulnerabilities. Across these, the AD Infrastructure category recorded the lowest scores, pointing to persistent risks in the configuration and maintenance of directory services. This was followed by vulnerabilities in Account Security, Kerberos, Group Policy, Entra ID, and Okta respectively.

Deuby explained the wider picture driving the results: "Hybrid identity environments are complex, and threat actors know it. Overall, organisations can't protect what they can't see. The lower average scores in the 2025 Purple Knight Report indicate how crucial it is for companies to proactively assess vulnerabilities across their hybrid identity systems so they can close security gaps before attackers exploit them. Purple Knight gives organisations of all sizes the ability to identify vulnerabilities and remediate them before risks become damaging losses because of a compromise," said Deuby.

Remediation impact

Despite the generally low baseline scores, the report shows that organisations using Purple Knight's expert mitigation guidance have seen significant improvements. Users cited an average score increase of 21 points after applying the recommended remediations, with some reporting improvements as high as 61 points.

Real-world feedback from users better illustrates the practical value of the toolkit. Bob G., an infrastructure team lead at a global shipping company, commented: "My company has launched a multi-year project to reorganise the environment, which currently consists of about 30 AD forests. Using Purple Knight to scan those environments helps us understand what might break in our permissions structure or what open security vulnerabilities we need to fix."

Jose G., a global administrator at an IT services company, described how a security incident prompted a reassessment: "We suffered an attack that compromised some of our systems, and we thought we were pretty secure in terms of Active Directory. We learned a lot from that event. Out of curiosity, I ran Purple Knight on the environment, and I found a new world of stuff to fix."

Eric M., senior identity engineer at a global printing company, shared his experience: "I do a pretty good job. And we haven't been breached. But then you see the D-minus on your report card and it's like, wow. There are some things we could do better."

Ongoing challenges

The report highlights the persistent challenges presented by hybrid identity systems, particularly for mid-sized organisations and sectors such as government and retail, where resources may not match the complexity of environments at risk. The findings reinforce the role of continuous assessment and remediation in improving identity security and reducing the risk of compromise.


Yahoo
08-05-2025
- Business
- Yahoo
Identity Strategy: Semperis CEO Mickey Bresman, Live at RSAC 2025
Tech Edge hosted a fireside chat on April 30 at RSAC 2025 in San Francisco with Mickey Bresman, Chief Executive Officer at Semperis. The in-person interview was joined by Editor-at-Large Jarrett Banks, and they discussed what's next for the company after recently surpassing $100M ARR and the evolution of Semperis' mission of putting identity at the center of cyber resilience strategy, among other topics.

About Mickey Bresman

Mickey Bresman is CEO and co-founder of Semperis, a leading provider of enterprise, hybrid identity protection, threat research, and incident response services. Among the top three fastest-growing cybersecurity companies in the U.S., according to Inc. 5000, Semperis is widely recognized for offering the industry's most comprehensive hybrid directory protection technology and services. Semperis recently surpassed $100M in annual recurring revenue, a milestone that fewer than one in every 1,000 venture-backed enterprise software companies achieves. The company has been recognized by Deloitte's Technology Fast 500, Inc's Best Workplaces, and, recently, CRN's 2025 Security 100 list. Its Purple Knight community tool, a free assessment solution designed to identify vulnerabilities in Microsoft Active Directory, Entra ID, and Okta, has been endorsed by leading cyber agencies from the Five Eyes Nation, including the NSA and CISA.

Beginning his technical career in the Navy, Mickey's comfort zone is on the front lines helping organizations thwart and respond to cyberattacks. The long-time cybersecurity expert and entrepreneur has an extensive track record of driving revenue growth and scaling organizations across the globe. Prior to founding Semperis, Mickey held the position of CTO at YouCC Technologies, a Microsoft Gold Partner integration company.

About Semperis

For security teams charged with defending hybrid and multi-cloud environments, Semperis ensures the integrity and availability of critical enterprise directory services at every step in the cyber kill chain and cuts recovery time by 90%. Purpose-built for securing hybrid identity environments—including Active Directory, Entra ID, and Okta—Semperis' AI-powered technology protects over 100 million identities from cyberattacks, data breaches and operational errors. The world's leading organizations trust Semperis to spot directory vulnerabilities, intercept cyberattacks in progress and quickly recover from ransomware and other data integrity emergencies.

Semperis is headquartered in Hoboken, New Jersey, and operates internationally, with its research and development team distributed throughout the United States, Canada and Israel. Semperis hosts the award-winning Hybrid Identity Protection conference and podcast series and built the community hybrid Active Directory cyber defender tools, Purple Knight and Forest Druid. The company has received the highest level of industry accolades, recently named to Inc. Magazine's list of best workplaces for 2024 and ranked the fastest-growing cybersecurity company in America by the Financial Times.

Contact: Exec Edge Editor@